problemas kon spy axe y otros!!

Reglas del Foro
Normas Basicas | Los Titulos, dicen mucho | No postear en paralelo | Continua en tu tema | Cierra tu tema, antes de abrir otro | No escribas en temas antiguos
Enlaces a web/mail/blog/Msn NO estan permitidos | Mensajes Privados | Informes de resultados | Antivirus Online
Responder
aGgRo_HectoR
Mensajes: 2
Registrado: 31 Dic 2005, 19:42

problemas kon spy axe y otros!!

Mensaje por aGgRo_HectoR » 31 Dic 2005, 19:50

hola! cuando estoy navegando, me aparece una pagina extraña, que dice Spy axe, tambien en mi escritorio aparecieron 2 iconos que se llaman:

01 Online Security Guide

02 Security Troubleshooting



tambien en mi barra de incio aparece un recuadro que tiene un texto en ingles, ke dice mas o menos asi:


[code]your coumputer is infected!

dangerous malware infection was detected on your pc
the system will now download and install most efficient antimalware program to prevent data loss and your private information theft
click here to protect your computer from the biggest malware threats. [/code]

ya aca sta mi log del hijackthis:



Logfile of HijackThis v1.99.1

Scan saved at 15:49:48, on 31-12-2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Apps\ActivBoard\nhksrv.exe

C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\System32\cisvc.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SYSTEM32\cidaemon.exe

C:\WINDOWS\system32\mssearchnet.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE

C:\WINDOWS\VM_STI.EXE

C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Archivos de programa\Internet Explorer\iexplore.exe

C:\Archivos de programa\HJT\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"

O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Descargar con Fl&ashGet - C:\ARCHIV~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\ARCHIV~1\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0F73356A-8BEC-4E45-9141-3869D4E1A842}: NameServer = 216.155.73.40,216.155.73.41

O17 - HKLM\System\CCS\Services\Tcpip\..\{3473F44F-10B8-44C8-A3A2-39475B6CF7A0}: NameServer = 216.155.73.154 216.155.73.40

O17 - HKLM\System\CS1\Services\Tcpip\..\{0F73356A-8BEC-4E45-9141-3869D4E1A842}: NameServer = 216.155.73.40,216.155.73.41

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe



graxx :roll:
waza!!
Arriba
Avatar de Usuario
msc hotline sat
Mensajes: 93500
Registrado: 09 Mar 2004, 20:39
Ubicación: BARCELONA (ESPAÑA)
Contactar:
Contactar msc hotline sat

Mensaje por msc hotline sat » 31 Dic 2005, 19:59

Sí, este proceso activo lo indica:



C:\WINDOWS\system32\mssearchnet.exe



Descarga el ELISTARA y pruebalo,







ELISTARA:

http://www.zonavirus.com/descargas/elistara.asp





y tras ello reinicias y nos cuentas el resultado, como respuesta de este Tema



saludos



ms, 31-12-2005
Arriba
aGgRo_HectoR
Mensajes: 2
Registrado: 31 Dic 2005, 19:42

Mensaje por aGgRo_HectoR » 31 Dic 2005, 21:22

hola!

segui los pasos del elistara y reinicie, pero no noto ningun cambio, sige el mensaje:
[code]your coumputer is infected!

dangerous malware infection was detected on your pc
the system will now download and install most efficient antimalware program to prevent data loss and your private information theft
click here to protect your computer from the biggest malware threats. [/code]
ke puedo hacer



porsiacaso mi log es:

Logfile of HijackThis v1.99.1

Scan saved at 17:22:15, on 31-12-2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Apps\ActivBoard\nhksrv.exe

C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\System32\cisvc.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE

C:\WINDOWS\VM_STI.EXE

C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe

C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Archivos de programa\Internet Explorer\iexplore.exe

C:\Archivos de programa\HJT\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"

O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Descargar con Fl&ashGet - C:\ARCHIV~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\ARCHIV~1\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0F73356A-8BEC-4E45-9141-3869D4E1A842}: NameServer = 216.155.73.40,216.155.73.41

O17 - HKLM\System\CCS\Services\Tcpip\..\{3473F44F-10B8-44C8-A3A2-39475B6CF7A0}: NameServer = 216.155.73.154 216.155.73.40

O17 - HKLM\System\CS1\Services\Tcpip\..\{0F73356A-8BEC-4E45-9141-3869D4E1A842}: NameServer = 216.155.73.40,216.155.73.41

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
waza!!
Arriba
Avatar de Usuario
msc hotline sat
Mensajes: 93500
Registrado: 09 Mar 2004, 20:39
Ubicación: BARCELONA (ESPAÑA)
Contactar:
Contactar msc hotline sat

Mensaje por msc hotline sat » 01 Ene 2006, 11:20

Pues lo unico que queda sospechoso en el log son estas claves desconocizdasque si no las conoces, eñiminalas



O8 - Extra context menu item: Descargar con Fl&ashGet - C:\ARCHIV~1\FlashGet\jc_link.htm



O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\ARCHIV~1\FlashGet\jc_all.htm



Y si con la ultima version del elistara no has detectado nada, ni te ha pedido que nos envies ficheros sospechosos, puedes tener una nueva variante qye no conocemos.



Descarga el AD_AWARE, instalalo, actualiza la ultima version, arranca en modo seguro, deshabilita la restauracion de sistema y lanzalo, y al final eliminas los bichos detectados con FIX PROBLEM , y nos comentas lo que ha detectado si es el caso, y cuentanos si con ello se ha solucionado el problema, para poder aplicarlo en futuros casos similares, gracias



saludos



ms, 1-1-2006
Arriba
Responder

Volver a “Foro HijackThis - copia y pega tu log”